Описание
curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 7.50.1-1ubuntu2 |
| esm-infra-legacy/trusty | not-affected | 7.35.0-1ubuntu2.10 |
| esm-infra/xenial | not-affected | 7.47.0-1ubuntu2.2 |
| precise | released | 7.22.0-3ubuntu4.17 |
| precise/esm | not-affected | 7.22.0-3ubuntu4.17 |
| trusty | released | 7.35.0-1ubuntu2.10 |
| trusty/esm | not-affected | 7.35.0-1ubuntu2.10 |
| upstream | released | 7.50.2 |
| vivid/stable-phone-overlay | ignored | end of life |
| vivid/ubuntu-core | released | 7.38.0-3ubuntu2.4 |
Показывать по
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.
curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.
curl and libcurl before 7.50.2, when built with NSS and the libnsspem. ...
curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.
EPSS
5 Medium
CVSS2
7.5 High
CVSS3